use ssh -oStrictHostKeyChecking in euca_conf --discover-nodes

Bug #436210 reported by Colin Watson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eucalyptus (Ubuntu)
Fix Released
High
Dustin Kirkland 

Bug Description

euca_conf --discover-nodes prompts for manual acceptance of node host keys even when they were installed by the UEC installer. We probably ought to use 'ssh -oStrictHostKeyChecking=no' in the --discover-nodes case.

(I don't think we should turn off host key checking in the general case of node registration outside of the --discover-nodes fast path; it's not perfect to turn off host key checking in general, but it's definitely not good to turn it off when you might have to use password authentication.)

Tags: eucalyptus
Changed in eucalyptus (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Dustin Kirkland  (kirkland) wrote :

This should be relatively straightforward, to append an SCP_OPT="-oStrictHostKeyChecking=no" if we're in --discover-nodes, and SCP_OPT="" otherwise.

:-Dustin

Changed in eucalyptus (Ubuntu):
assignee: nobody → Dustin Kirkland (kirkland)
status: Confirmed → In Progress
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eucalyptus - 1.6~bzr854-0ubuntu5

---------------
eucalyptus (1.6~bzr854-0ubuntu5) karmic; urgency=low

  [ Dustin Kirkland ]
  * debian/control: drop dhcp from -nc's recommends, add it to -cc's
    recommends, LP: #364925
  * tools/euca_conf.in: use "-oStrictHostKeyChecking=no" if we're doing
    --discover-nodes, LP: #436210
  * debian/eucalyptus-udeb.finish-install: add own ssh host key to
    /etc/ssh/ssh_known_hosts, LP: #436211

  [ Colin Watson ]
  * euca_find_cluster: Use the proper bracketed format for IPv6 host/port
    combinations.
  * euca_find_cluster: For now, only ask for an IPv4 address for the
    cluster, as IPv6 addresses often show up by accident but don't work, and
    we don't have time to deal with this right now (LP: #436200).
  * tools/eucalyptus-java-ws.in: Increase timeout here too, to go with
    Matt's previous change.

eucalyptus (1.6~bzr854-0ubuntu4) karmic; urgency=low

  * Temporarily disable rejection of loopback addresses in registerComponent.
    This seems perfectly valid when the cloud and cluster controllers are
    running on the same system.

    This works around LP: #434593 (which is a blocker for 9.10 beta) and
    reopens LP: #431934 (which is not)
  * tools/eucalyptus-cc.in:register_local_cloud: Increase the timeout
    waiting for the service to start before registering it. Increasing from 10
    seconds to 60 seems to be sufficient to work around LP: #434590

 -- Colin Watson <email address hidden> Fri, 25 Sep 2009 15:30:36 +0100

Changed in eucalyptus (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.